Edit Jan 18th 2010,
Is there any symbol that should NOT be allowed to use in a password?
=========================================
Hi,
I am wondering what ‘common’ policy out there for username/password for creating a new account on a website.
This is currently what I have:
===========For username ==================
Length between 6 and 20 characters
Spaces are not allowed
Usernames are case sensitive
can contain lettlers, numbers, and symbols
* Uppercase letter (A-Z)
* Lowercase letter (a-z)
* Digit (0-9)
can not change after registration
===========For Password=============
6-20 chars long
can contain lettlers, numbers, and symbols
* Uppercase letter (A-Z)
* Lowercase letter (a-z)
* Digit (0-9)
* Special character (~`!@#$%^&*()+=_-{}[]\|:;”’?/<>,.)
password is encrypted in the database
password can be sent to the email address when requested
Thanks
For username you can make it case sensitive but I probably wouldn’t allow ‘similar’ matches.
For example it would be annoying to have these usernames on the site as all difference account:
Luigi
LUIGI
luIgI
LUigi
It could lead to griefing (people using similar account names to mock/harass someone). And it will just be confusing. And it causes problems when you have similar characters ilike l I i 0 o O.
I would rather use an email address as a username though since they will remember it. It is annoying having different usernames for lots of different sites. Email addresses are guaranteed to be unique 🙂
The password restrictions seem fine. As for that it is just a matter of how strong you want to force their passwords to be. Although, I would not send passwords through email. Email is insecure and the reset password method is preferred here.